[BUGFIX] Make category tree filterable for editors with category mounts
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Security / CategoryPermissionsAspect.php
1 <?php
2 namespace TYPO3\CMS\Backend\Security;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Backend\Tree\TreeNode;
18 use TYPO3\CMS\Backend\Tree\TreeNodeCollection;
19 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
20 use TYPO3\CMS\Core\Tree\TableConfiguration\DatabaseTreeDataProvider;
21
22 /**
23 * We do not have AOP in TYPO3 for now, thus the aspect which
24 * deals with tree data security is a slot which reacts on a signal
25 * on data data object initialization.
26 *
27 * The aspect define category mount points according to BE User permissions.
28 */
29 class CategoryPermissionsAspect
30 {
31 /**
32 * @var string
33 */
34 protected $categoryTableName = 'sys_category';
35
36 /**
37 * @var BackendUserAuthentication
38 */
39 protected $backendUserAuthentication;
40
41 /**
42 * @param BackendUserAuthentication|null $backendUserAuthentication
43 */
44 public function __construct($backendUserAuthentication = null)
45 {
46 $this->backendUserAuthentication = $backendUserAuthentication ?: $GLOBALS['BE_USER'];
47 }
48
49 /**
50 * The slot for the signal in DatabaseTreeDataProvider.
51 *
52 * @param DatabaseTreeDataProvider $dataProvider
53 * @param TreeNode $treeData
54 * @return void
55 */
56 public function addUserPermissionsToCategoryTreeData(DatabaseTreeDataProvider $dataProvider, $treeData)
57 {
58 if (!$this->backendUserAuthentication->isAdmin() && $dataProvider->getTableName() === $this->categoryTableName) {
59
60 // Get User permissions related to category
61 $categoryMountPoints = $this->backendUserAuthentication->getCategoryMountPoints();
62
63 // Backup child nodes to be processed.
64 $treeNodeCollection = $treeData->getChildNodes();
65
66 if (!empty($categoryMountPoints) && !empty($treeNodeCollection)) {
67
68 // Check the rootline against categoryMountPoints when tree was filtered
69 if ($dataProvider->getRootUid() !== null) {
70 $uidsInRootline = $this->findUidsInRootline($dataProvider->getRootUid());
71 if (!empty(array_intersect($categoryMountPoints, $uidsInRootline))) {
72 // One of the parents was found in categoryMountPoints so all children are secure
73 return;
74 }
75 }
76
77 // First, remove all child nodes which must be analysed to be considered as "secure".
78 // The nodes were backed up in variable $treeNodeCollection beforehand.
79 $treeData->removeChildNodes();
80
81 // Create an empty tree node collection to receive the secured nodes.
82 /** @var TreeNodeCollection $securedTreeNodeCollection */
83 $securedTreeNodeCollection = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Tree\TreeNodeCollection::class);
84
85 foreach ($categoryMountPoints as $categoryMountPoint) {
86 $treeNode = $this->lookUpCategoryMountPointInTreeNodes((int)$categoryMountPoint, $treeNodeCollection);
87 if (!is_null($treeNode)) {
88 $securedTreeNodeCollection->append($treeNode);
89 }
90 }
91
92 // Reset child nodes.
93 $treeData->setChildNodes($securedTreeNodeCollection);
94 }
95 }
96 }
97
98 /**
99 * Recursively look up for a category mount point within a tree.
100 *
101 * @param int $categoryMountPoint
102 * @param TreeNodeCollection $treeNodeCollection
103 * @return NULL|TreeNode
104 */
105 protected function lookUpCategoryMountPointInTreeNodes($categoryMountPoint, TreeNodeCollection $treeNodeCollection)
106 {
107 $result = null;
108
109 // If any User permission, recursively traverse the tree and set tree part as mount point
110 foreach ($treeNodeCollection as $treeNode) {
111
112 /** @var \TYPO3\CMS\Backend\Tree\TreeNode $treeNode */
113 if ((int)$treeNode->getId() === $categoryMountPoint) {
114 $result = $treeNode;
115 break;
116 }
117
118 if ($treeNode->hasChildNodes()) {
119
120 /** @var TreeNode $node */
121 $node = $this->lookUpCategoryMountPointInTreeNodes($categoryMountPoint, $treeNode->getChildNodes());
122 if (! is_null($node)) {
123 $result = $node;
124 break;
125 }
126 }
127 }
128 return $result;
129 }
130
131 /**
132 * Find parent uids in rootline
133 *
134 * @param integer $uid
135 * @return array
136 */
137 protected function findUidsInRootline($uid) {
138 $row = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('parent', $this->categoryTableName, 'uid=' . (int)$uid);
139 $parentUids = [];
140 if ($row['parent'] > 0) {
141 $parentUids = $this->findUidsInRootline($row['parent']);
142 $parentUids[] = $row['parent'];
143 }
144 return $parentUids;
145 }
146 }